Update Flash Player 10.1.102.64 - Hacks for not folding the full screen and not showing the caption "Press Esc for ..."

Patches for new Flash Player version files for browsers are described that eliminate the collapse of full-screen video on flash if the user goes to the second monitor (the flash movie loses focus). At the same time, the display of “Press Esc to exit full screen mode” is removed if the user goes to full screen mode. Patches can be applied both together, by simply replacing files from the archive (for the Russian version of Windows), or separately, following the procedure outlined. Applicable to all major browsers.

Today the minor version of the Adobe Flash Player has been updated. According to the hacking technique developed recently for player version 10.1.85.3, the files of the new version 10.1.102.64 are converted and uploaded for use (link at the bottom of the article). The technique has shown that this time it can be used without recourse to the disassembler.

Lyrical digression 1 . The user several times a year sees an update window of the same type with the same version number. In this case, version 10.1. In fact, minor versions of the player are updated, but this is not explained to the user in any way, so the suspicion that the system forgets about the installed updates every time begins to creep in and asks to install the same thing again. Let's leave this failure usability on the conscience of developers.

Disadvantages player and khaki.

Recently, a study was made on how to correct the current version of the player to remove a couple of existing usability inconveniences and gives hacks for the flash player libraries version 10.1.85.3.
1) if there are 2 monitors in the system and viewing a full-screen flash movie (for example, a movie) on one screen, loss of focus in the viewing window leads to minimization of the window. Hack 1 fixes this flaw, the window does not minimize when focus is lost.
2) each time the flash movie window is maximized to the full screen, the message “Press Esc to exit full screen mode” appears. Hack 2 corrects this flaw, the inscription does not appear.
There are no other ways to manage developers, therefore hacks are needed to correct the player’s behavior.
')
Lyrical digression 2 . Some interlocutors wanted to find in these inconveniences the consequences of security policy (recognizability of the flash window to counter phishing). But no one gave a convincing argument in support of maintaining inconvenience. It is known that the player in full-screen mode already does not allow to use most of the keyboard buttons, so the full-screen browser mode is more dangerous than the full-screen flash mode. Nevertheless, additional reinsurance is hung on the flash, from which we get rid of.

Manual hacking technique

The existing hacking program works only for Windows and only for the first hack. It will work as long as the logic of finding a hack location does not change. Until now, probably, no one has dealt with this issue in Linux and Mac, but in order to be able to do this and to understand the hack's actions in general, a methodology is set out.

Hack 1. Non-folding full-screen flash with 2 or more monitors in the system.

... And ...

Hack 2. Non-appearance of the inscription "Press Esc for ..." when viewing the flash in full screen (for any system language).

(Depending on the system language, the address of the variable line in the file may change, so the addresses are not specified, we use the search by string.)

0. In the hack there is a need after updating the version of the flash player on the computer. After the standard actions to update the player proceed to the following points.
1. Take Hex-editor (text editor, allowing you to search and change the codes of files in hexadecimal form).
2. Run (not necessarily) forcefully update the flash version for the IE browser by downloading the installer from fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe .
3. Close all browsers and their auxiliary windows.
4. Open files in Hex-editor.
1) C: \ WINDOWS \ system32 \ Macromed \ Flash \ NPSWF32.dll (for WinXP, or similar for other OS and for other ways of installation) version 10.1.102.64.
2) C: \ Documents and Settings \ <user name> \ Local Settings \ Application Data \ Google \ Chrome \ Application \ <browser_version_number> \ gcswf32.dll (for WinXP, or similar for other operating systems and for other ways of installation) version 10.1 .103.19 (yes, here the version was a bit different). If there are several versions of Google Chrome, the latest actual version is updated, the file from this folder should be opened.
3) For Win7, there is probably a way for the flash library used in Opera, of the approximate form% PROGRAMFILES (X86)% \ Opera \ program \ plugins \ NPSWF32.dll, where% PROGRAMFILES (X86)% is usually "c: \ Program Files (x86). " Open this file if there is one.
5. In the open files, find the line "74 39 83 E8 07 74 11 83 E8 05 75 13 8B", replace it with "90 90 83 E8 07 74 11 83 E8 05 75 13 8 8" (that is, replace the first 2 bytes from those found on “90 90”) - hack 1 .
6a. For IE. Removing protection from changes Flash10l.ocx. Copy the file C: \ WINDOWS \ system32 \ Macromed \ Flash \ Flash10l.ocx (for WinXP, or similar for other OS and for other ways of installation) to another location and remove the read-only attribute from the copy.
6b. Remove Flash10l.ocx using the Unlocker utility.
6c. Place a copy of Flash10l.ocx in place of the original file.
6d. Open the file C: \ WINDOWS \ system32 \ Macromed \ Flash \ Flash10l.ocx in the Hex-editor. In this file, find the line “00 48 0F 84 92 00 00 00 83 E8” (address 0x184c7b) and replace it with “00 48 90 90 90 90 90 90 83 E8” - hack 1 for Internet Explorer.
7. In all 3-4 or 5 open files, find the line "43 57 53 08 60 10 00 00 78 9C 95 57 6B 70 13 D7", replace with "84 85 4E 2B 6D 76 4E AA 65 1D D9 83 07 D4 93 2E ”- hack 2 .
8. Save all files, exit the editor. We launch browsers, check the result. If a positive result is not observed, the Unlocker utility checks if this browser is using the exact library that was fixed. If not, look for the library used. If the library found is an outdated version, replace it with a new, corrected (undesirable) or find a way to update the flash player for this browser. (Determine file version - right mouse button on the file - Properties - Version - File version.)

Learn more about finding the paths to executable libraries and the Unlocker program in the previous report about flash player patches .
Warning: erroneous actions with executable files can lead to a malfunction of individual programs and the operating system. Be sure that your actions are correct before you run the file.

Player library files version 10.1.102.64 with hacks 1 and 2, for replacement

As usual, for the Russian version of the flash player files we can take ready-made corrected files m.10.1.102.64 from the archive . Attention! Files are copied from russian installation, WinXP.
MD5 checksums:
NPSWF32.dll - 8E80A96F23D3CD94D36EB67687F16447 (5`971`408 bytes);
gcswf32.dll - 1466158D5E0D35CAD501BA663C9E4377 (6`021`120 bytes);
Flash10l.ocx - 6199A704B442AD435110A277FA28CF8F (6`071`760 bytes).
We mean that for Chrome the library version number in the current update is 10.1.103.19. When replacing, check that the file being replaced has the same version as the replacing one (at your own risk, you may not observe the exact correspondence of the versions, but then there are errors during operation). If the file is a different version, update the player to the required one (from the Adobe site), and then replace the files. It is enough to replace only 1 file, if you want to see the result of the patch not in all browsers installed on the system.